Legal
Last updated: 4 May 2026
Foundy takes your privacy seriously. This policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Foundy is a trading name of [Company Name] ("we", "us", "our"). We provide turnkey website design, build, and management services to UK B2B professionals. Our registered office is at [Address], United Kingdom. Questions about this policy: hello@foundy.studio.
We collect the following categories of personal data:
• Contact data: name, work email address, and business description submitted via our brief or waitlist forms.
• Usage data: anonymised analytics (page views, scroll depth, referral source) via a privacy-first analytics provider. No cross-site tracking.
• Payment data: billing information is handled directly by Stripe. We do not store card details.
• Communications: emails you send to hello@foundy.studio and any correspondence relating to your project.
We use your data to:
• Respond to enquiries and deliver the services you request (contractual necessity).
• Send service-related updates, invoices, and progress reports (contractual necessity).
• Improve our service through anonymised usage analytics (legitimate interest).
• Comply with legal obligations (UK law).
We do not send marketing emails without your explicit consent.
Our processing is based on:
• Article 6(1)(b) — performance of a contract, for all service delivery.
• Article 6(1)(f) — legitimate interests, for anonymised analytics and service improvement.
• Article 6(1)(a) — consent, where you have opted into communications.
We share data only with:
• Stripe (payment processing) — governed by Stripe's privacy policy.
• Vercel (site hosting and deployment) — EU/UK-compliant infrastructure.
• Supabase (secure database) — data stored in EU regions.
• Email service providers necessary to reply to your enquiries.
We do not sell, rent, or trade your personal data. We do not share data with advertisers.
We retain personal data for as long as necessary to deliver our services and meet our legal obligations. Client project data is kept for 6 years post-project (UK accounting requirements). Waitlist-only contacts are deleted after 12 months of inactivity unless you engage as a client.
Under UK GDPR you have the right to:
• Access a copy of the personal data we hold about you.
• Correct inaccurate data.
• Request deletion ("right to be forgotten") where no legal obligation requires retention.
• Restrict or object to processing.
• Portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time.
To exercise any right, email hello@foundy.studio. We will respond within 30 days.
Our site uses strictly necessary cookies only (session management, CSRF protection). We do not place advertising or third-party tracking cookies. Analytics are cookieless and anonymised.
We implement appropriate technical and organisational measures to protect your data, including TLS encryption in transit, access controls, and regular security reviews. No internet transmission is 100% secure; we cannot guarantee absolute security.
We may update this policy to reflect changes in our practices or applicable law. We will post the revised policy at foundy.studio/privacy with an updated "Last updated" date. Continued use of our services after changes constitutes acceptance.
If you believe we have mishandled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or call 0303 123 1113. We would appreciate the chance to address your concerns directly first — email hello@foundy.studio.